@gravito/echo 1.0.0-alpha.2

package/README.md

@@ -0,0 +1,170 @@
+# @gravito/echo
+
+> 📡 Enterprise-grade webhook handling for Gravito. Secure receiving and reliable sending.
+
+## Features
+
+- **Secure Receiving** - HMAC signature verification, timestamp validation
+- **Built-in Providers** - Stripe, GitHub, and generic provider support
+- **Reliable Sending** - Exponential backoff retry with configurable strategy
+- **Gravito Integration** - First-class OrbitEcho module for PlanetCore
+
+## Installation
+
+```bash
+bun add @gravito/echo
+```
+
+## Quick Start
+
+### Receiving Webhooks
+
+```typescript
+import { OrbitEcho, WebhookReceiver } from '@gravito/echo'
+
+const core = new PlanetCore()
+
+// Install Echo module
+core.install(new OrbitEcho({
+  providers: {
+    stripe: { name: 'stripe', secret: process.env.STRIPE_WEBHOOK_SECRET! },
+    github: { name: 'github', secret: process.env.GITHUB_WEBHOOK_SECRET! }
+  }
+}))
+
+// Get receiver and add handlers
+const receiver = core.container.make<WebhookReceiver>('echo.receiver')
+
+// Handle specific events
+receiver.on('stripe', 'payment_intent.succeeded', async (event) => {
+  console.log('Payment received:', event.payload)
+})
+
+receiver.on('github', 'push', async (event) => {
+  console.log('Push event:', event.payload)
+})
+```
+
+### Webhook Endpoint
+
+```typescript
+app.post('/webhooks/:provider', async (c) => {
+  const provider = c.req.param('provider')
+  const body = await c.req.text()
+  const headers = c.req.raw.headers
+
+  const receiver = c.get('echo.receiver') as WebhookReceiver
+  const result = await receiver.handle(provider, body, Object.fromEntries(headers))
+
+  if (!result.valid) {
+    return c.json({ error: result.error }, 401)
+  }
+
+  return c.json({ received: true })
+})
+```
+
+### Sending Webhooks
+
+```typescript
+import { WebhookDispatcher } from '@gravito/echo'
+
+const dispatcher = new WebhookDispatcher({
+  secret: process.env.OUTGOING_WEBHOOK_SECRET!,
+  retry: {
+    maxAttempts: 5,
+    initialDelay: 1000,
+    backoffMultiplier: 2
+  }
+})
+
+// Send webhook with automatic retry
+const result = await dispatcher.dispatch({
+  url: 'https://example.com/webhook',
+  event: 'order.created',
+  data: { orderId: 123, total: 99.99 }
+})
+
+if (result.success) {
+  console.log('Webhook delivered:', result.statusCode)
+} else {
+  console.error('Delivery failed:', result.error)
+}
+```
+
+## Providers
+
+### Built-in Providers
+
+| Provider | Signature Method | Header |
+|----------|-----------------|--------|
+| `stripe` | HMAC-SHA256 + Timestamp | `Stripe-Signature` |
+| `github` | HMAC-SHA256 | `X-Hub-Signature-256` |
+| `generic` | HMAC-SHA256 | `X-Webhook-Signature` |
+
+### Custom Provider
+
+```typescript
+import { WebhookProvider, WebhookReceiver } from '@gravito/echo'
+
+class MyProvider implements WebhookProvider {
+  readonly name = 'my-provider'
+
+  async verify(payload, headers, secret) {
+    // Custom verification logic
+    return { valid: true, payload: JSON.parse(payload) }
+  }
+}
+
+receiver.registerProviderType('my-provider', MyProvider)
+receiver.registerProvider('custom', 'secret', { type: 'my-provider' })
+```
+
+## Configuration
+
+### WebhookDispatcher
+
+```typescript
+interface WebhookDispatcherConfig {
+  /** Secret for signing outgoing webhooks */
+  secret: string
+
+  /** Retry configuration */
+  retry?: {
+    maxAttempts?: number      // default: 3
+    initialDelay?: number     // default: 1000ms
+    backoffMultiplier?: number // default: 2
+    maxDelay?: number         // default: 300000ms (5min)
+    retryableStatuses?: number[] // default: [408, 429, 500, 502, 503, 504]
+  }
+
+  /** Request timeout in ms */
+  timeout?: number  // default: 30000
+
+  /** Custom User-Agent */
+  userAgent?: string
+}
+```
+
+### OrbitEcho
+
+```typescript
+interface EchoConfig {
+  /** Registered webhook providers */
+  providers?: Record<string, {
+    name: string
+    secret: string
+    tolerance?: number  // timestamp tolerance in seconds
+  }>
+
+  /** Dispatcher configuration */
+  dispatcher?: WebhookDispatcherConfig
+
+  /** Base path for webhook endpoints */
+  basePath?: string  // default: '/webhooks'
+}
+```
+
+## License
+
+MIT

package/dist/index.cjs

@@ -0,0 +1,2 @@
+"use strict";
+module.exports = require("./index.mjs");

package/dist/index.js

@@ -0,0 +1,487 @@
+// @bun
+// src/receive/SignatureValidator.ts
+async function computeHmacSha256(payload, secret) {
+  const key = await crypto.subtle.importKey("raw", new TextEncoder().encode(secret), { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
+  const payloadBuffer = typeof payload === "string" ? new TextEncoder().encode(payload) : new Uint8Array(payload.buffer, payload.byteOffset, payload.byteLength);
+  const signature = await crypto.subtle.sign("HMAC", key, payloadBuffer);
+  return Buffer.from(signature).toString("hex");
+}
+async function computeHmacSha1(payload, secret) {
+  const key = await crypto.subtle.importKey("raw", new TextEncoder().encode(secret), { name: "HMAC", hash: "SHA-1" }, false, ["sign"]);
+  const payloadBuffer = typeof payload === "string" ? new TextEncoder().encode(payload) : new Uint8Array(payload.buffer, payload.byteOffset, payload.byteLength);
+  const signature = await crypto.subtle.sign("HMAC", key, payloadBuffer);
+  return Buffer.from(signature).toString("hex");
+}
+function timingSafeEqual(a, b) {
+  if (a.length !== b.length) {
+    return false;
+  }
+  const aBytes = new TextEncoder().encode(a);
+  const bBytes = new TextEncoder().encode(b);
+  let result = 0;
+  for (let i = 0;i < aBytes.length; i++) {
+    result |= (aBytes[i] ?? 0) ^ (bBytes[i] ?? 0);
+  }
+  return result === 0;
+}
+function validateTimestamp(timestamp, tolerance = 300) {
+  const now = Math.floor(Date.now() / 1000);
+  return Math.abs(now - timestamp) <= tolerance;
+}
+function parseStripeSignature(header) {
+  const parts = header.split(",");
+  let timestamp;
+  const signatures = [];
+  for (const part of parts) {
+    const [key, value] = part.split("=");
+    if (key === "t" && value !== undefined) {
+      timestamp = parseInt(value, 10);
+    } else if (key === "v1" && value !== undefined) {
+      signatures.push(value);
+    }
+  }
+  if (timestamp === undefined || signatures.length === 0) {
+    return null;
+  }
+  return { timestamp, signatures };
+}
+
+// src/providers/GenericProvider.ts
+class GenericProvider {
+  name = "generic";
+  signatureHeader;
+  timestampHeader;
+  tolerance;
+  constructor(options = {}) {
+    this.signatureHeader = options.signatureHeader ?? "x-webhook-signature";
+    this.timestampHeader = options.timestampHeader ?? "x-webhook-timestamp";
+    this.tolerance = options.tolerance ?? 300;
+  }
+  async verify(payload, headers, secret) {
+    const signature = this.getHeader(headers, this.signatureHeader);
+    if (!signature) {
+      return {
+        valid: false,
+        error: `Missing signature header: ${this.signatureHeader}`
+      };
+    }
+    const timestampStr = this.getHeader(headers, this.timestampHeader);
+    if (timestampStr) {
+      const timestamp = parseInt(timestampStr, 10);
+      if (isNaN(timestamp) || !validateTimestamp(timestamp, this.tolerance)) {
+        return {
+          valid: false,
+          error: "Timestamp validation failed"
+        };
+      }
+    }
+    const payloadStr = typeof payload === "string" ? payload : payload.toString("utf-8");
+    const expectedSignature = await computeHmacSha256(payloadStr, secret);
+    if (!timingSafeEqual(signature.toLowerCase(), expectedSignature.toLowerCase())) {
+      return {
+        valid: false,
+        error: "Signature verification failed"
+      };
+    }
+    try {
+      const parsed = JSON.parse(payloadStr);
+      return {
+        valid: true,
+        payload: parsed,
+        eventType: parsed.type ?? parsed.event ?? parsed.eventType,
+        webhookId: parsed.id ?? parsed.webhookId
+      };
+    } catch {
+      return {
+        valid: true,
+        payload: payloadStr
+      };
+    }
+  }
+  getHeader(headers, name) {
+    const value = headers[name] ?? headers[name.toLowerCase()];
+    return Array.isArray(value) ? value[0] : value;
+  }
+}
+
+// src/providers/GitHubProvider.ts
+class GitHubProvider {
+  name = "github";
+  async verify(payload, headers, secret) {
+    const signature = this.getHeader(headers, "x-hub-signature-256");
+    if (!signature) {
+      return {
+        valid: false,
+        error: "Missing X-Hub-Signature-256 header"
+      };
+    }
+    if (!signature.startsWith("sha256=")) {
+      return {
+        valid: false,
+        error: "Invalid signature format (expected sha256=...)"
+      };
+    }
+    const signatureValue = signature.slice(7);
+    const payloadStr = typeof payload === "string" ? payload : payload.toString("utf-8");
+    const expectedSignature = await computeHmacSha256(payloadStr, secret);
+    if (!timingSafeEqual(signatureValue.toLowerCase(), expectedSignature.toLowerCase())) {
+      return {
+        valid: false,
+        error: "Signature verification failed"
+      };
+    }
+    try {
+      const event = JSON.parse(payloadStr);
+      const eventType = this.getHeader(headers, "x-github-event");
+      const deliveryId = this.getHeader(headers, "x-github-delivery");
+      return {
+        valid: true,
+        payload: event,
+        eventType: eventType ?? undefined,
+        webhookId: deliveryId ?? undefined
+      };
+    } catch {
+      return {
+        valid: false,
+        error: "Failed to parse webhook payload"
+      };
+    }
+  }
+  parseEventType(payload) {
+    if (typeof payload === "object" && payload !== null && "action" in payload) {
+      return payload.action;
+    }
+    return;
+  }
+  getHeader(headers, name) {
+    const value = headers[name] ?? headers[name.toLowerCase()];
+    return Array.isArray(value) ? value[0] : value;
+  }
+}
+
+// src/providers/StripeProvider.ts
+class StripeProvider {
+  name = "stripe";
+  tolerance;
+  constructor(options = {}) {
+    this.tolerance = options.tolerance ?? 300;
+  }
+  async verify(payload, headers, secret) {
+    const signatureHeader = this.getHeader(headers, "stripe-signature");
+    if (!signatureHeader) {
+      return {
+        valid: false,
+        error: "Missing Stripe-Signature header"
+      };
+    }
+    const parsed = parseStripeSignature(signatureHeader);
+    if (!parsed) {
+      return {
+        valid: false,
+        error: "Invalid Stripe-Signature header format"
+      };
+    }
+    const { timestamp, signatures } = parsed;
+    if (!validateTimestamp(timestamp, this.tolerance)) {
+      return {
+        valid: false,
+        error: `Timestamp outside tolerance window (${this.tolerance}s)`
+      };
+    }
+    const payloadStr = typeof payload === "string" ? payload : payload.toString("utf-8");
+    const signedPayload = `${timestamp}.${payloadStr}`;
+    const expectedSignature = await computeHmacSha256(signedPayload, secret);
+    const signatureValid = signatures.some((sig) => timingSafeEqual(sig.toLowerCase(), expectedSignature.toLowerCase()));
+    if (!signatureValid) {
+      return {
+        valid: false,
+        error: "Signature verification failed"
+      };
+    }
+    try {
+      const event = JSON.parse(payloadStr);
+      return {
+        valid: true,
+        payload: event,
+        eventType: event.type,
+        webhookId: event.id
+      };
+    } catch {
+      return {
+        valid: false,
+        error: "Failed to parse webhook payload"
+      };
+    }
+  }
+  parseEventType(payload) {
+    if (typeof payload === "object" && payload !== null && "type" in payload) {
+      return payload.type;
+    }
+    return;
+  }
+  getHeader(headers, name) {
+    const value = headers[name] ?? headers[name.toLowerCase()];
+    return Array.isArray(value) ? value[0] : value;
+  }
+}
+
+// src/receive/WebhookReceiver.ts
+class WebhookReceiver {
+  providers = new Map;
+  handlers = new Map;
+  globalHandlers = new Map;
+  constructor() {
+    this.registerProviderType("generic", GenericProvider);
+    this.registerProviderType("stripe", StripeProvider);
+    this.registerProviderType("github", GitHubProvider);
+  }
+  providerTypes = new Map;
+  registerProviderType(name, ProviderCls) {
+    this.providerTypes.set(name, ProviderCls);
+    return this;
+  }
+  registerProvider(name, secret, options) {
+    const type = options?.type ?? name;
+    const ProviderClass = this.providerTypes.get(type);
+    if (!ProviderClass) {
+      throw new Error(`Unknown provider type: ${type}`);
+    }
+    const provider = new ProviderClass({ tolerance: options?.tolerance });
+    this.providers.set(name, { provider, secret });
+    return this;
+  }
+  on(providerName, eventType, handler) {
+    if (!this.handlers.has(providerName)) {
+      this.handlers.set(providerName, new Map);
+    }
+    const providerHandlers = this.handlers.get(providerName);
+    if (!providerHandlers.has(eventType)) {
+      providerHandlers.set(eventType, []);
+    }
+    providerHandlers.get(eventType).push(handler);
+    return this;
+  }
+  onAll(providerName, handler) {
+    if (!this.globalHandlers.has(providerName)) {
+      this.globalHandlers.set(providerName, []);
+    }
+    this.globalHandlers.get(providerName).push(handler);
+    return this;
+  }
+  async handle(providerName, body, headers) {
+    const config = this.providers.get(providerName);
+    if (!config) {
+      return {
+        valid: false,
+        error: `Provider not registered: ${providerName}`,
+        handled: false
+      };
+    }
+    const { provider, secret } = config;
+    const result = await provider.verify(body, headers, secret);
+    if (!result.valid) {
+      return { ...result, handled: false };
+    }
+    const event = {
+      provider: providerName,
+      type: result.eventType ?? "unknown",
+      payload: result.payload,
+      headers,
+      rawBody: typeof body === "string" ? body : body.toString("utf-8"),
+      receivedAt: new Date,
+      id: result.webhookId
+    };
+    let handled = false;
+    const providerHandlers = this.handlers.get(providerName);
+    if (providerHandlers) {
+      const eventHandlers = providerHandlers.get(event.type);
+      if (eventHandlers) {
+        for (const handler of eventHandlers) {
+          await handler(event);
+          handled = true;
+        }
+      }
+    }
+    const globalHandlers = this.globalHandlers.get(providerName);
+    if (globalHandlers) {
+      for (const handler of globalHandlers) {
+        await handler(event);
+        handled = true;
+      }
+    }
+    return { ...result, handled };
+  }
+  async verify(providerName, body, headers) {
+    const config = this.providers.get(providerName);
+    if (!config) {
+      return {
+        valid: false,
+        error: `Provider not registered: ${providerName}`
+      };
+    }
+    return config.provider.verify(body, headers, config.secret);
+  }
+}
+
+// src/send/WebhookDispatcher.ts
+var DEFAULT_RETRY_CONFIG = {
+  maxAttempts: 3,
+  initialDelay: 1000,
+  backoffMultiplier: 2,
+  maxDelay: 300000,
+  retryableStatuses: [408, 429, 500, 502, 503, 504]
+};
+
+class WebhookDispatcher {
+  secret;
+  retryConfig;
+  timeout;
+  userAgent;
+  constructor(config) {
+    this.secret = config.secret;
+    this.retryConfig = { ...DEFAULT_RETRY_CONFIG, ...config.retry };
+    this.timeout = config.timeout ?? 30000;
+    this.userAgent = config.userAgent ?? "Gravito-Echo/1.0";
+  }
+  async dispatch(payload) {
+    let lastResult = null;
+    for (let attempt = 1;attempt <= this.retryConfig.maxAttempts; attempt++) {
+      const result = await this.attemptDelivery(payload, attempt);
+      lastResult = result;
+      if (result.success) {
+        return result;
+      }
+      if (attempt < this.retryConfig.maxAttempts) {
+        const shouldRetry = this.shouldRetry(result);
+        if (shouldRetry) {
+          const delay = this.calculateDelay(attempt);
+          await this.sleep(delay);
+          continue;
+        }
+      }
+      return result;
+    }
+    return lastResult;
+  }
+  async attemptDelivery(payload, attempt) {
+    const startTime = Date.now();
+    const timestamp = Math.floor(Date.now() / 1000);
+    const webhookId = payload.id ?? crypto.randomUUID();
+    try {
+      const body = JSON.stringify({
+        id: webhookId,
+        type: payload.event,
+        timestamp,
+        data: payload.data
+      });
+      const signedPayload = `${timestamp}.${body}`;
+      const signature = await computeHmacSha256(signedPayload, this.secret);
+      const controller = new AbortController;
+      const timeoutId = setTimeout(() => controller.abort(), this.timeout);
+      try {
+        const response = await fetch(payload.url, {
+          method: "POST",
+          headers: {
+            "Content-Type": "application/json",
+            "User-Agent": this.userAgent,
+            "X-Webhook-ID": webhookId,
+            "X-Webhook-Timestamp": String(timestamp),
+            "X-Webhook-Signature": `t=${timestamp},v1=${signature}`
+          },
+          body,
+          signal: controller.signal
+        });
+        clearTimeout(timeoutId);
+        const duration = Date.now() - startTime;
+        const responseBody = await response.text();
+        return {
+          success: response.ok,
+          statusCode: response.status,
+          body: responseBody,
+          attempt,
+          duration,
+          deliveredAt: new Date,
+          error: response.ok ? undefined : `HTTP ${response.status}`
+        };
+      } finally {
+        clearTimeout(timeoutId);
+      }
+    } catch (error) {
+      const duration = Date.now() - startTime;
+      return {
+        success: false,
+        attempt,
+        duration,
+        deliveredAt: new Date,
+        error: error instanceof Error ? error.message : "Unknown error"
+      };
+    }
+  }
+  shouldRetry(result) {
+    if (!result.statusCode) {
+      return true;
+    }
+    return this.retryConfig.retryableStatuses.includes(result.statusCode);
+  }
+  calculateDelay(attempt) {
+    const delay = this.retryConfig.initialDelay * this.retryConfig.backoffMultiplier ** (attempt - 1);
+    return Math.min(delay, this.retryConfig.maxDelay);
+  }
+  sleep(ms) {
+    return new Promise((resolve) => setTimeout(resolve, ms));
+  }
+}
+
+// src/OrbitEcho.ts
+class OrbitEcho {
+  static config = { singleton: true };
+  receiver;
+  dispatcher;
+  echoConfig;
+  constructor(config = {}) {
+    this.echoConfig = config;
+    this.receiver = new WebhookReceiver;
+    if (config.providers) {
+      for (const [name, providerConfig] of Object.entries(config.providers)) {
+        this.receiver.registerProvider(name, providerConfig.secret, {
+          type: providerConfig.name,
+          tolerance: providerConfig.tolerance
+        });
+      }
+    }
+    if (config.dispatcher) {
+      this.dispatcher = new WebhookDispatcher(config.dispatcher);
+    }
+  }
+  install(core) {
+    core.container.bindSingleton("echo", this);
+    core.container.bindSingleton("echo.receiver", this.receiver);
+    if (this.dispatcher) {
+      core.container.bindSingleton("echo.dispatcher", this.dispatcher);
+    }
+  }
+  getReceiver() {
+    return this.receiver;
+  }
+  getDispatcher() {
+    return this.dispatcher;
+  }
+  getConfig() {
+    return this.echoConfig;
+  }
+}
+export {
+  validateTimestamp,
+  timingSafeEqual,
+  parseStripeSignature,
+  computeHmacSha256,
+  computeHmacSha1,
+  WebhookReceiver,
+  WebhookDispatcher,
+  StripeProvider,
+  OrbitEcho,
+  GitHubProvider,
+  GenericProvider
+};
+
+//# debugId=20EC60D051D827F464756E2164756E21

package/dist/index.js.map

@@ -0,0 +1,16 @@
+{
+  "version": 3,
+  "sources": ["../src/receive/SignatureValidator.ts", "../src/providers/GenericProvider.ts", "../src/providers/GitHubProvider.ts", "../src/providers/StripeProvider.ts", "../src/receive/WebhookReceiver.ts", "../src/send/WebhookDispatcher.ts", "../src/OrbitEcho.ts"],
+  "sourcesContent": [
+    "/**\n * @fileoverview Signature validation utilities\n *\n * Provides HMAC-based signature verification for webhook payloads.\n *\n * @module @gravito/echo/receive\n */\n\n/**\n * Compute HMAC-SHA256 signature\n */\nexport async function computeHmacSha256(payload: string | Buffer, secret: string): Promise<string> {\n  const key = await crypto.subtle.importKey(\n    'raw',\n    new TextEncoder().encode(secret),\n    { name: 'HMAC', hash: 'SHA-256' },\n    false,\n    ['sign']\n  )\n\n  const payloadBuffer =\n    typeof payload === 'string'\n      ? new TextEncoder().encode(payload)\n      : new Uint8Array(payload.buffer, payload.byteOffset, payload.byteLength)\n\n  const signature = await crypto.subtle.sign('HMAC', key, payloadBuffer as BufferSource)\n  return Buffer.from(signature).toString('hex')\n}\n\n/**\n * Compute HMAC-SHA1 signature (for legacy providers)\n */\nexport async function computeHmacSha1(payload: string | Buffer, secret: string): Promise<string> {\n  const key = await crypto.subtle.importKey(\n    'raw',\n    new TextEncoder().encode(secret),\n    { name: 'HMAC', hash: 'SHA-1' },\n    false,\n    ['sign']\n  )\n\n  const payloadBuffer =\n    typeof payload === 'string'\n      ? new TextEncoder().encode(payload)\n      : new Uint8Array(payload.buffer, payload.byteOffset, payload.byteLength)\n\n  const signature = await crypto.subtle.sign('HMAC', key, payloadBuffer as BufferSource)\n  return Buffer.from(signature).toString('hex')\n}\n\n/**\n * Timing-safe string comparison to prevent timing attacks\n */\nexport function timingSafeEqual(a: string, b: string): boolean {\n  if (a.length !== b.length) {\n    return false\n  }\n\n  const aBytes = new TextEncoder().encode(a)\n  const bBytes = new TextEncoder().encode(b)\n\n  let result = 0\n  for (let i = 0; i < aBytes.length; i++) {\n    result |= (aBytes[i] ?? 0) ^ (bBytes[i] ?? 0)\n  }\n\n  return result === 0\n}\n\n/**\n * Validate timestamp is within tolerance\n *\n * @param timestamp - Unix timestamp in seconds\n * @param tolerance - Tolerance in seconds (default: 300 = 5 minutes)\n */\nexport function validateTimestamp(timestamp: number, tolerance = 300): boolean {\n  const now = Math.floor(Date.now() / 1000)\n  return Math.abs(now - timestamp) <= tolerance\n}\n\n/**\n * Parse Stripe-style signature header\n * Format: t=timestamp,v1=signature,v1=signature2\n */\nexport function parseStripeSignature(\n  header: string\n): { timestamp: number; signatures: string[] } | null {\n  const parts = header.split(',')\n  let timestamp: number | undefined\n  const signatures: string[] = []\n\n  for (const part of parts) {\n    const [key, value] = part.split('=')\n    if (key === 't' && value !== undefined) {\n      timestamp = parseInt(value, 10)\n    } else if (key === 'v1' && value !== undefined) {\n      signatures.push(value)\n    }\n  }\n\n  if (timestamp === undefined || signatures.length === 0) {\n    return null\n  }\n\n  return { timestamp, signatures }\n}\n",
+    "/**\n * @fileoverview Generic webhook provider\n *\n * Simple HMAC-SHA256 signature verification.\n *\n * @module @gravito/echo/providers\n */\n\nimport {\n  computeHmacSha256,\n  timingSafeEqual,\n  validateTimestamp,\n} from '../receive/SignatureValidator'\nimport type { WebhookProvider, WebhookVerificationResult } from '../types'\n\n/**\n * Generic webhook provider using HMAC-SHA256\n *\n * Expected headers:\n * - X-Webhook-Signature: HMAC-SHA256 hex signature\n * - X-Webhook-Timestamp: Unix timestamp (optional)\n *\n * @example\n * ```typescript\n * const provider = new GenericProvider()\n * const result = await provider.verify(body, headers, secret)\n * ```\n */\nexport class GenericProvider implements WebhookProvider {\n  readonly name = 'generic'\n\n  private signatureHeader: string\n  private timestampHeader: string\n  private tolerance: number\n\n  constructor(\n    options: {\n      signatureHeader?: string\n      timestampHeader?: string\n      tolerance?: number\n    } = {}\n  ) {\n    this.signatureHeader = options.signatureHeader ?? 'x-webhook-signature'\n    this.timestampHeader = options.timestampHeader ?? 'x-webhook-timestamp'\n    this.tolerance = options.tolerance ?? 300\n  }\n\n  async verify(\n    payload: string | Buffer,\n    headers: Record<string, string | string[] | undefined>,\n    secret: string\n  ): Promise<WebhookVerificationResult> {\n    // Get signature from headers\n    const signature = this.getHeader(headers, this.signatureHeader)\n    if (!signature) {\n      return {\n        valid: false,\n        error: `Missing signature header: ${this.signatureHeader}`,\n      }\n    }\n\n    // Validate timestamp if present\n    const timestampStr = this.getHeader(headers, this.timestampHeader)\n    if (timestampStr) {\n      const timestamp = parseInt(timestampStr, 10)\n      if (isNaN(timestamp) || !validateTimestamp(timestamp, this.tolerance)) {\n        return {\n          valid: false,\n          error: 'Timestamp validation failed',\n        }\n      }\n    }\n\n    // Compute expected signature\n    const payloadStr = typeof payload === 'string' ? payload : payload.toString('utf-8')\n    const expectedSignature = await computeHmacSha256(payloadStr, secret)\n\n    // Compare signatures\n    if (!timingSafeEqual(signature.toLowerCase(), expectedSignature.toLowerCase())) {\n      return {\n        valid: false,\n        error: 'Signature verification failed',\n      }\n    }\n\n    // Parse payload\n    try {\n      const parsed = JSON.parse(payloadStr)\n      return {\n        valid: true,\n        payload: parsed,\n        eventType: parsed.type ?? parsed.event ?? parsed.eventType,\n        webhookId: parsed.id ?? parsed.webhookId,\n      }\n    } catch {\n      return {\n        valid: true,\n        payload: payloadStr,\n      }\n    }\n  }\n\n  private getHeader(\n    headers: Record<string, string | string[] | undefined>,\n    name: string\n  ): string | undefined {\n    const value = headers[name] ?? headers[name.toLowerCase()]\n    return Array.isArray(value) ? value[0] : value\n  }\n}\n",
+    "/**\n * @fileoverview GitHub webhook provider\n *\n * Implements GitHub's webhook signature verification.\n * @see https://docs.github.com/en/webhooks/using-webhooks/validating-webhook-deliveries\n *\n * @module @gravito/echo/providers\n */\n\nimport { computeHmacSha256, timingSafeEqual } from '../receive/SignatureValidator'\nimport type { WebhookProvider, WebhookVerificationResult } from '../types'\n\n/**\n * GitHub webhook provider\n *\n * Verifies GitHub webhook signatures using the X-Hub-Signature-256 header.\n *\n * @example\n * ```typescript\n * const provider = new GitHubProvider()\n * const result = await provider.verify(body, headers, process.env.GITHUB_WEBHOOK_SECRET)\n * ```\n */\nexport class GitHubProvider implements WebhookProvider {\n  readonly name = 'github'\n\n  async verify(\n    payload: string | Buffer,\n    headers: Record<string, string | string[] | undefined>,\n    secret: string\n  ): Promise<WebhookVerificationResult> {\n    // GitHub sends signature in X-Hub-Signature-256 header\n    const signature = this.getHeader(headers, 'x-hub-signature-256')\n    if (!signature) {\n      return {\n        valid: false,\n        error: 'Missing X-Hub-Signature-256 header',\n      }\n    }\n\n    // Signature format: sha256=<hex>\n    if (!signature.startsWith('sha256=')) {\n      return {\n        valid: false,\n        error: 'Invalid signature format (expected sha256=...)',\n      }\n    }\n\n    const signatureValue = signature.slice(7) // Remove 'sha256=' prefix\n\n    // Compute expected signature\n    const payloadStr = typeof payload === 'string' ? payload : payload.toString('utf-8')\n    const expectedSignature = await computeHmacSha256(payloadStr, secret)\n\n    // Compare signatures\n    if (!timingSafeEqual(signatureValue.toLowerCase(), expectedSignature.toLowerCase())) {\n      return {\n        valid: false,\n        error: 'Signature verification failed',\n      }\n    }\n\n    // Parse payload\n    try {\n      const event = JSON.parse(payloadStr)\n      const eventType = this.getHeader(headers, 'x-github-event')\n      const deliveryId = this.getHeader(headers, 'x-github-delivery')\n\n      return {\n        valid: true,\n        payload: event,\n        eventType: eventType ?? undefined,\n        webhookId: deliveryId ?? undefined,\n      }\n    } catch {\n      return {\n        valid: false,\n        error: 'Failed to parse webhook payload',\n      }\n    }\n  }\n\n  parseEventType(payload: unknown): string | undefined {\n    if (typeof payload === 'object' && payload !== null && 'action' in payload) {\n      return (payload as { action: string }).action\n    }\n    return undefined\n  }\n\n  private getHeader(\n    headers: Record<string, string | string[] | undefined>,\n    name: string\n  ): string | undefined {\n    const value = headers[name] ?? headers[name.toLowerCase()]\n    return Array.isArray(value) ? value[0] : value\n  }\n}\n",
+    "/**\n * @fileoverview Stripe webhook provider\n *\n * Implements Stripe's webhook signature verification.\n * @see https://stripe.com/docs/webhooks/signatures\n *\n * @module @gravito/echo/providers\n */\n\nimport {\n  computeHmacSha256,\n  parseStripeSignature,\n  timingSafeEqual,\n  validateTimestamp,\n} from '../receive/SignatureValidator'\nimport type { WebhookProvider, WebhookVerificationResult } from '../types'\n\n/**\n * Stripe webhook provider\n *\n * Verifies Stripe webhook signatures using their standard format.\n *\n * @example\n * ```typescript\n * const provider = new StripeProvider()\n * const result = await provider.verify(body, headers, process.env.STRIPE_WEBHOOK_SECRET)\n * ```\n */\nexport class StripeProvider implements WebhookProvider {\n  readonly name = 'stripe'\n\n  private tolerance: number\n\n  constructor(options: { tolerance?: number } = {}) {\n    this.tolerance = options.tolerance ?? 300\n  }\n\n  async verify(\n    payload: string | Buffer,\n    headers: Record<string, string | string[] | undefined>,\n    secret: string\n  ): Promise<WebhookVerificationResult> {\n    // Get signature header\n    const signatureHeader = this.getHeader(headers, 'stripe-signature')\n    if (!signatureHeader) {\n      return {\n        valid: false,\n        error: 'Missing Stripe-Signature header',\n      }\n    }\n\n    // Parse signature header\n    const parsed = parseStripeSignature(signatureHeader)\n    if (!parsed) {\n      return {\n        valid: false,\n        error: 'Invalid Stripe-Signature header format',\n      }\n    }\n\n    const { timestamp, signatures } = parsed\n\n    // Validate timestamp\n    if (!validateTimestamp(timestamp, this.tolerance)) {\n      return {\n        valid: false,\n        error: `Timestamp outside tolerance window (${this.tolerance}s)`,\n      }\n    }\n\n    // Compute expected signature\n    const payloadStr = typeof payload === 'string' ? payload : payload.toString('utf-8')\n    const signedPayload = `${timestamp}.${payloadStr}`\n    const expectedSignature = await computeHmacSha256(signedPayload, secret)\n\n    // Check if any signature matches\n    const signatureValid = signatures.some((sig) =>\n      timingSafeEqual(sig.toLowerCase(), expectedSignature.toLowerCase())\n    )\n\n    if (!signatureValid) {\n      return {\n        valid: false,\n        error: 'Signature verification failed',\n      }\n    }\n\n    // Parse payload\n    try {\n      const event = JSON.parse(payloadStr)\n      return {\n        valid: true,\n        payload: event,\n        eventType: event.type,\n        webhookId: event.id,\n      }\n    } catch {\n      return {\n        valid: false,\n        error: 'Failed to parse webhook payload',\n      }\n    }\n  }\n\n  parseEventType(payload: unknown): string | undefined {\n    if (typeof payload === 'object' && payload !== null && 'type' in payload) {\n      return (payload as { type: string }).type\n    }\n    return undefined\n  }\n\n  private getHeader(\n    headers: Record<string, string | string[] | undefined>,\n    name: string\n  ): string | undefined {\n    const value = headers[name] ?? headers[name.toLowerCase()]\n    return Array.isArray(value) ? value[0] : value\n  }\n}\n",
+    "/**\n * @fileoverview Webhook Receiver\n *\n * Handles incoming webhooks with signature verification.\n *\n * @module @gravito/echo/receive\n */\n\nimport { GenericProvider } from '../providers/GenericProvider'\nimport { GitHubProvider } from '../providers/GitHubProvider'\nimport { StripeProvider } from '../providers/StripeProvider'\nimport type {\n  WebhookEvent,\n  WebhookHandler,\n  WebhookProvider,\n  WebhookVerificationResult,\n} from '../types'\n\n// eslint-disable-next-line @typescript-eslint/no-explicit-any\ntype ProviderClass = new (options?: any) => WebhookProvider\n\n/**\n * Webhook Receiver\n *\n * Manages webhook providers and routes incoming webhooks to handlers.\n *\n * @example\n * ```typescript\n * const receiver = new WebhookReceiver()\n *\n * // Register provider\n * receiver.registerProvider('stripe', process.env.STRIPE_WEBHOOK_SECRET!)\n *\n * // Register handler\n * receiver.on('stripe', 'payment_intent.succeeded', async (event) => {\n *   console.log('Payment received:', event.payload)\n * })\n *\n * // Handle incoming webhook\n * const result = await receiver.handle('stripe', body, headers)\n * ```\n */\nexport class WebhookReceiver {\n  private providers = new Map<string, { provider: WebhookProvider; secret: string }>()\n  private handlers = new Map<string, Map<string, WebhookHandler[]>>()\n  private globalHandlers = new Map<string, WebhookHandler[]>()\n\n  constructor() {\n    // Register built-in providers\n    this.registerProviderType('generic', GenericProvider as ProviderClass)\n    this.registerProviderType('stripe', StripeProvider as ProviderClass)\n    this.registerProviderType('github', GitHubProvider as ProviderClass)\n  }\n\n  // eslint-disable-next-line @typescript-eslint/no-explicit-any\n  private providerTypes = new Map<string, ProviderClass>()\n\n  /**\n   * Register a custom provider type\n   */\n  registerProviderType(name: string, ProviderCls: ProviderClass): this {\n    this.providerTypes.set(name, ProviderCls)\n    return this\n  }\n\n  /**\n   * Register a provider with its secret\n   */\n  registerProvider(\n    name: string,\n    secret: string,\n    options?: { type?: string; tolerance?: number }\n  ): this {\n    const type = options?.type ?? name\n    const ProviderClass = this.providerTypes.get(type)\n\n    if (!ProviderClass) {\n      throw new Error(`Unknown provider type: ${type}`)\n    }\n\n    const provider = new ProviderClass({ tolerance: options?.tolerance })\n    this.providers.set(name, { provider, secret })\n    return this\n  }\n\n  /**\n   * Register an event handler\n   */\n  on<T = unknown>(providerName: string, eventType: string, handler: WebhookHandler<T>): this {\n    if (!this.handlers.has(providerName)) {\n      this.handlers.set(providerName, new Map())\n    }\n\n    const providerHandlers = this.handlers.get(providerName)!\n    if (!providerHandlers.has(eventType)) {\n      providerHandlers.set(eventType, [])\n    }\n\n    providerHandlers.get(eventType)!.push(handler as WebhookHandler)\n    return this\n  }\n\n  /**\n   * Register a handler for all events from a provider\n   */\n  onAll<T = unknown>(providerName: string, handler: WebhookHandler<T>): this {\n    if (!this.globalHandlers.has(providerName)) {\n      this.globalHandlers.set(providerName, [])\n    }\n\n    this.globalHandlers.get(providerName)!.push(handler as WebhookHandler)\n    return this\n  }\n\n  /**\n   * Handle an incoming webhook\n   */\n  async handle(\n    providerName: string,\n    body: string | Buffer,\n    headers: Record<string, string | string[] | undefined>\n  ): Promise<WebhookVerificationResult & { handled: boolean }> {\n    const config = this.providers.get(providerName)\n    if (!config) {\n      return {\n        valid: false,\n        error: `Provider not registered: ${providerName}`,\n        handled: false,\n      }\n    }\n\n    const { provider, secret } = config\n\n    // Verify webhook\n    const result = await provider.verify(body, headers, secret)\n    if (!result.valid) {\n      return { ...result, handled: false }\n    }\n\n    // Create event object\n    const event: WebhookEvent = {\n      provider: providerName,\n      type: result.eventType ?? 'unknown',\n      payload: result.payload,\n      headers,\n      rawBody: typeof body === 'string' ? body : body.toString('utf-8'),\n      receivedAt: new Date(),\n      id: result.webhookId,\n    }\n\n    // Call handlers\n    let handled = false\n\n    // Call event-specific handlers\n    const providerHandlers = this.handlers.get(providerName)\n    if (providerHandlers) {\n      const eventHandlers = providerHandlers.get(event.type)\n      if (eventHandlers) {\n        for (const handler of eventHandlers) {\n          await handler(event)\n          handled = true\n        }\n      }\n    }\n\n    // Call global handlers\n    const globalHandlers = this.globalHandlers.get(providerName)\n    if (globalHandlers) {\n      for (const handler of globalHandlers) {\n        await handler(event)\n        handled = true\n      }\n    }\n\n    return { ...result, handled }\n  }\n\n  /**\n   * Verify a webhook without handling\n   */\n  async verify(\n    providerName: string,\n    body: string | Buffer,\n    headers: Record<string, string | string[] | undefined>\n  ): Promise<WebhookVerificationResult> {\n    const config = this.providers.get(providerName)\n    if (!config) {\n      return {\n        valid: false,\n        error: `Provider not registered: ${providerName}`,\n      }\n    }\n\n    return config.provider.verify(body, headers, config.secret)\n  }\n}\n",
+    "/**\n * @fileoverview Webhook Dispatcher\n *\n * Reliably sends webhooks to external services with retry support.\n *\n * @module @gravito/echo/send\n */\n\nimport { computeHmacSha256 } from '../receive/SignatureValidator'\nimport type {\n  RetryConfig,\n  WebhookDeliveryResult,\n  WebhookDispatcherConfig,\n  WebhookPayload,\n} from '../types'\n\n/**\n * Default retry configuration\n */\nconst DEFAULT_RETRY_CONFIG: Required<RetryConfig> = {\n  maxAttempts: 3,\n  initialDelay: 1000,\n  backoffMultiplier: 2,\n  maxDelay: 300000, // 5 minutes\n  retryableStatuses: [408, 429, 500, 502, 503, 504],\n}\n\n/**\n * Webhook Dispatcher\n *\n * Sends webhooks with signature and retry support.\n *\n * @example\n * ```typescript\n * const dispatcher = new WebhookDispatcher({\n *   secret: 'my-webhook-secret',\n *   retry: { maxAttempts: 5 }\n * })\n *\n * const result = await dispatcher.dispatch({\n *   url: 'https://example.com/webhook',\n *   event: 'order.created',\n *   data: { orderId: 123 }\n * })\n * ```\n */\nexport class WebhookDispatcher {\n  private secret: string\n  private retryConfig: Required<RetryConfig>\n  private timeout: number\n  private userAgent: string\n\n  constructor(config: WebhookDispatcherConfig) {\n    this.secret = config.secret\n    this.retryConfig = { ...DEFAULT_RETRY_CONFIG, ...config.retry }\n    this.timeout = config.timeout ?? 30000\n    this.userAgent = config.userAgent ?? 'Gravito-Echo/1.0'\n  }\n\n  /**\n   * Dispatch a webhook with retries\n   */\n  async dispatch<T = unknown>(payload: WebhookPayload<T>): Promise<WebhookDeliveryResult> {\n    let lastResult: WebhookDeliveryResult | null = null\n\n    for (let attempt = 1; attempt <= this.retryConfig.maxAttempts; attempt++) {\n      const result = await this.attemptDelivery(payload, attempt)\n      lastResult = result\n\n      if (result.success) {\n        return result\n      }\n\n      // Check if we should retry\n      if (attempt < this.retryConfig.maxAttempts) {\n        const shouldRetry = this.shouldRetry(result)\n        if (shouldRetry) {\n          const delay = this.calculateDelay(attempt)\n          await this.sleep(delay)\n          continue\n        }\n      }\n\n      // Don't retry if status is not retryable\n      return result\n    }\n\n    return lastResult!\n  }\n\n  /**\n   * Attempt a single delivery\n   */\n  private async attemptDelivery<T = unknown>(\n    payload: WebhookPayload<T>,\n    attempt: number\n  ): Promise<WebhookDeliveryResult> {\n    const startTime = Date.now()\n    const timestamp = Math.floor(Date.now() / 1000)\n    const webhookId = payload.id ?? crypto.randomUUID()\n\n    try {\n      // Build request body\n      const body = JSON.stringify({\n        id: webhookId,\n        type: payload.event,\n        timestamp,\n        data: payload.data,\n      })\n\n      // Compute signature\n      const signedPayload = `${timestamp}.${body}`\n      const signature = await computeHmacSha256(signedPayload, this.secret)\n\n      // Create abort controller for timeout\n      const controller = new AbortController()\n      const timeoutId = setTimeout(() => controller.abort(), this.timeout)\n\n      try {\n        const response = await fetch(payload.url, {\n          method: 'POST',\n          headers: {\n            'Content-Type': 'application/json',\n            'User-Agent': this.userAgent,\n            'X-Webhook-ID': webhookId,\n            'X-Webhook-Timestamp': String(timestamp),\n            'X-Webhook-Signature': `t=${timestamp},v1=${signature}`,\n          },\n          body,\n          signal: controller.signal,\n        })\n\n        clearTimeout(timeoutId)\n\n        const duration = Date.now() - startTime\n        const responseBody = await response.text()\n\n        return {\n          success: response.ok,\n          statusCode: response.status,\n          body: responseBody,\n          attempt,\n          duration,\n          deliveredAt: new Date(),\n          error: response.ok ? undefined : `HTTP ${response.status}`,\n        }\n      } finally {\n        clearTimeout(timeoutId)\n      }\n    } catch (error) {\n      const duration = Date.now() - startTime\n\n      return {\n        success: false,\n        attempt,\n        duration,\n        deliveredAt: new Date(),\n        error: error instanceof Error ? error.message : 'Unknown error',\n      }\n    }\n  }\n\n  /**\n   * Check if we should retry based on result\n   */\n  private shouldRetry(result: WebhookDeliveryResult): boolean {\n    if (!result.statusCode) {\n      // Network error, retry\n      return true\n    }\n\n    return this.retryConfig.retryableStatuses.includes(result.statusCode)\n  }\n\n  /**\n   * Calculate delay for exponential backoff\n   */\n  private calculateDelay(attempt: number): number {\n    const delay =\n      this.retryConfig.initialDelay * this.retryConfig.backoffMultiplier ** (attempt - 1)\n\n    return Math.min(delay, this.retryConfig.maxDelay)\n  }\n\n  /**\n   * Sleep helper\n   */\n  private sleep(ms: number): Promise<void> {\n    return new Promise((resolve) => setTimeout(resolve, ms))\n  }\n}\n",
+    "/**\n * @fileoverview OrbitEcho Module\n *\n * Gravito integration for webhook handling.\n *\n * @module @gravito/echo\n */\n\nimport { WebhookReceiver } from './receive/WebhookReceiver'\nimport { WebhookDispatcher } from './send/WebhookDispatcher'\nimport type { EchoConfig } from './types'\n\n/**\n * Simple module interface for PlanetCore integration\n */\ninterface ModuleConfig {\n  singleton?: boolean\n}\n\n/**\n * Minimal ServiceProvider interface\n */\ninterface ServiceProvider {\n  register?(): void | Promise<void>\n  boot?(): void | Promise<void>\n}\n\n/**\n * Minimal PlanetCore interface\n */\ninterface PlanetCore {\n  container: {\n    bindSingleton<T>(key: string, value: T): void\n  }\n  hooks: {\n    addAction(hook: string, callback: () => void | Promise<void>): void\n  }\n  adapter: {\n    use(middleware: unknown): void\n  }\n  router: {\n    post(path: string, handler: unknown): void\n  }\n}\n\n/**\n * OrbitEcho - Gravito Webhook Module\n *\n * Provides secure webhook receiving and reliable webhook sending.\n *\n * @example\n * ```typescript\n * const core = new PlanetCore()\n *\n * core.install(new OrbitEcho({\n *   providers: {\n *     stripe: { name: 'stripe', secret: process.env.STRIPE_WEBHOOK_SECRET! },\n *     github: { name: 'github', secret: process.env.GITHUB_WEBHOOK_SECRET! }\n *   },\n *   dispatcher: {\n *     secret: process.env.OUTGOING_WEBHOOK_SECRET!\n *   }\n * }))\n *\n * // Get receiver to add handlers\n * const receiver = core.container.make<WebhookReceiver>('echo.receiver')\n * receiver.on('stripe', 'payment_intent.succeeded', async (event) => {\n *   console.log('Payment received:', event.payload)\n * })\n * ```\n */\nexport class OrbitEcho {\n  static config: ModuleConfig = { singleton: true }\n\n  private receiver: WebhookReceiver\n  private dispatcher?: WebhookDispatcher\n  private echoConfig: EchoConfig\n\n  constructor(config: EchoConfig = {}) {\n    this.echoConfig = config\n    this.receiver = new WebhookReceiver()\n\n    // Register providers\n    if (config.providers) {\n      for (const [name, providerConfig] of Object.entries(config.providers)) {\n        this.receiver.registerProvider(name, providerConfig.secret, {\n          type: providerConfig.name,\n          tolerance: providerConfig.tolerance,\n        })\n      }\n    }\n\n    // Create dispatcher\n    if (config.dispatcher) {\n      this.dispatcher = new WebhookDispatcher(config.dispatcher)\n    }\n  }\n\n  /**\n   * Install into PlanetCore\n   */\n  install(core: PlanetCore): void {\n    // Bind instances\n    core.container.bindSingleton('echo', this)\n    core.container.bindSingleton('echo.receiver', this.receiver)\n    if (this.dispatcher) {\n      core.container.bindSingleton('echo.dispatcher', this.dispatcher)\n    }\n  }\n\n  /**\n   * Get webhook receiver\n   */\n  getReceiver(): WebhookReceiver {\n    return this.receiver\n  }\n\n  /**\n   * Get webhook dispatcher\n   */\n  getDispatcher(): WebhookDispatcher | undefined {\n    return this.dispatcher\n  }\n\n  /**\n   * Get configuration\n   */\n  getConfig(): EchoConfig {\n    return this.echoConfig\n  }\n}\n"
+  ],
+  "mappings": ";;AAWA,eAAsB,iBAAiB,CAAC,SAA0B,QAAiC;AAAA,EACjG,MAAM,MAAM,MAAM,OAAO,OAAO,UAC9B,OACA,IAAI,YAAY,EAAE,OAAO,MAAM,GAC/B,EAAE,MAAM,QAAQ,MAAM,UAAU,GAChC,OACA,CAAC,MAAM,CACT;AAAA,EAEA,MAAM,gBACJ,OAAO,YAAY,WACf,IAAI,YAAY,EAAE,OAAO,OAAO,IAChC,IAAI,WAAW,QAAQ,QAAQ,QAAQ,YAAY,QAAQ,UAAU;AAAA,EAE3E,MAAM,YAAY,MAAM,OAAO,OAAO,KAAK,QAAQ,KAAK,aAA6B;AAAA,EACrF,OAAO,OAAO,KAAK,SAAS,EAAE,SAAS,KAAK;AAAA;AAM9C,eAAsB,eAAe,CAAC,SAA0B,QAAiC;AAAA,EAC/F,MAAM,MAAM,MAAM,OAAO,OAAO,UAC9B,OACA,IAAI,YAAY,EAAE,OAAO,MAAM,GAC/B,EAAE,MAAM,QAAQ,MAAM,QAAQ,GAC9B,OACA,CAAC,MAAM,CACT;AAAA,EAEA,MAAM,gBACJ,OAAO,YAAY,WACf,IAAI,YAAY,EAAE,OAAO,OAAO,IAChC,IAAI,WAAW,QAAQ,QAAQ,QAAQ,YAAY,QAAQ,UAAU;AAAA,EAE3E,MAAM,YAAY,MAAM,OAAO,OAAO,KAAK,QAAQ,KAAK,aAA6B;AAAA,EACrF,OAAO,OAAO,KAAK,SAAS,EAAE,SAAS,KAAK;AAAA;AAMvC,SAAS,eAAe,CAAC,GAAW,GAAoB;AAAA,EAC7D,IAAI,EAAE,WAAW,EAAE,QAAQ;AAAA,IACzB,OAAO;AAAA,EACT;AAAA,EAEA,MAAM,SAAS,IAAI,YAAY,EAAE,OAAO,CAAC;AAAA,EACzC,MAAM,SAAS,IAAI,YAAY,EAAE,OAAO,CAAC;AAAA,EAEzC,IAAI,SAAS;AAAA,EACb,SAAS,IAAI,EAAG,IAAI,OAAO,QAAQ,KAAK;AAAA,IACtC,WAAW,OAAO,MAAM,MAAM,OAAO,MAAM;AAAA,EAC7C;AAAA,EAEA,OAAO,WAAW;AAAA;AASb,SAAS,iBAAiB,CAAC,WAAmB,YAAY,KAAc;AAAA,EAC7E,MAAM,MAAM,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI;AAAA,EACxC,OAAO,KAAK,IAAI,MAAM,SAAS,KAAK;AAAA;AAO/B,SAAS,oBAAoB,CAClC,QACoD;AAAA,EACpD,MAAM,QAAQ,OAAO,MAAM,GAAG;AAAA,EAC9B,IAAI;AAAA,EACJ,MAAM,aAAuB,CAAC;AAAA,EAE9B,WAAW,QAAQ,OAAO;AAAA,IACxB,OAAO,KAAK,SAAS,KAAK,MAAM,GAAG;AAAA,IACnC,IAAI,QAAQ,OAAO,UAAU,WAAW;AAAA,MACtC,YAAY,SAAS,OAAO,EAAE;AAAA,IAChC,EAAO,SAAI,QAAQ,QAAQ,UAAU,WAAW;AAAA,MAC9C,WAAW,KAAK,KAAK;AAAA,IACvB;AAAA,EACF;AAAA,EAEA,IAAI,cAAc,aAAa,WAAW,WAAW,GAAG;AAAA,IACtD,OAAO;AAAA,EACT;AAAA,EAEA,OAAO,EAAE,WAAW,WAAW;AAAA;;;AC5E1B,MAAM,gBAA2C;AAAA,EAC7C,OAAO;AAAA,EAER;AAAA,EACA;AAAA,EACA;AAAA,EAER,WAAW,CACT,UAII,CAAC,GACL;AAAA,IACA,KAAK,kBAAkB,QAAQ,mBAAmB;AAAA,IAClD,KAAK,kBAAkB,QAAQ,mBAAmB;AAAA,IAClD,KAAK,YAAY,QAAQ,aAAa;AAAA;AAAA,OAGlC,OAAM,CACV,SACA,SACA,QACoC;AAAA,IAEpC,MAAM,YAAY,KAAK,UAAU,SAAS,KAAK,eAAe;AAAA,IAC9D,IAAI,CAAC,WAAW;AAAA,MACd,OAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO,6BAA6B,KAAK;AAAA,MAC3C;AAAA,IACF;AAAA,IAGA,MAAM,eAAe,KAAK,UAAU,SAAS,KAAK,eAAe;AAAA,IACjE,IAAI,cAAc;AAAA,MAChB,MAAM,YAAY,SAAS,cAAc,EAAE;AAAA,MAC3C,IAAI,MAAM,SAAS,KAAK,CAAC,kBAAkB,WAAW,KAAK,SAAS,GAAG;AAAA,QACrE,OAAO;AAAA,UACL,OAAO;AAAA,UACP,OAAO;AAAA,QACT;AAAA,MACF;AAAA,IACF;AAAA,IAGA,MAAM,aAAa,OAAO,YAAY,WAAW,UAAU,QAAQ,SAAS,OAAO;AAAA,IACnF,MAAM,oBAAoB,MAAM,kBAAkB,YAAY,MAAM;AAAA,IAGpE,IAAI,CAAC,gBAAgB,UAAU,YAAY,GAAG,kBAAkB,YAAY,CAAC,GAAG;AAAA,MAC9E,OAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IAGA,IAAI;AAAA,MACF,MAAM,SAAS,KAAK,MAAM,UAAU;AAAA,MACpC,OAAO;AAAA,QACL,OAAO;AAAA,QACP,SAAS;AAAA,QACT,WAAW,OAAO,QAAQ,OAAO,SAAS,OAAO;AAAA,QACjD,WAAW,OAAO,MAAM,OAAO;AAAA,MACjC;AAAA,MACA,MAAM;AAAA,MACN,OAAO;AAAA,QACL,OAAO;AAAA,QACP,SAAS;AAAA,MACX;AAAA;AAAA;AAAA,EAII,SAAS,CACf,SACA,MACoB;AAAA,IACpB,MAAM,QAAQ,QAAQ,SAAS,QAAQ,KAAK,YAAY;AAAA,IACxD,OAAO,MAAM,QAAQ,KAAK,IAAI,MAAM,KAAK;AAAA;AAE7C;;;ACtFO,MAAM,eAA0C;AAAA,EAC5C,OAAO;AAAA,OAEV,OAAM,CACV,SACA,SACA,QACoC;AAAA,IAEpC,MAAM,YAAY,KAAK,UAAU,SAAS,qBAAqB;AAAA,IAC/D,IAAI,CAAC,WAAW;AAAA,MACd,OAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IAGA,IAAI,CAAC,UAAU,WAAW,SAAS,GAAG;AAAA,MACpC,OAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IAEA,MAAM,iBAAiB,UAAU,MAAM,CAAC;AAAA,IAGxC,MAAM,aAAa,OAAO,YAAY,WAAW,UAAU,QAAQ,SAAS,OAAO;AAAA,IACnF,MAAM,oBAAoB,MAAM,kBAAkB,YAAY,MAAM;AAAA,IAGpE,IAAI,CAAC,gBAAgB,eAAe,YAAY,GAAG,kBAAkB,YAAY,CAAC,GAAG;AAAA,MACnF,OAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IAGA,IAAI;AAAA,MACF,MAAM,QAAQ,KAAK,MAAM,UAAU;AAAA,MACnC,MAAM,YAAY,KAAK,UAAU,SAAS,gBAAgB;AAAA,MAC1D,MAAM,aAAa,KAAK,UAAU,SAAS,mBAAmB;AAAA,MAE9D,OAAO;AAAA,QACL,OAAO;AAAA,QACP,SAAS;AAAA,QACT,WAAW,aAAa;AAAA,QACxB,WAAW,cAAc;AAAA,MAC3B;AAAA,MACA,MAAM;AAAA,MACN,OAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO;AAAA,MACT;AAAA;AAAA;AAAA,EAIJ,cAAc,CAAC,SAAsC;AAAA,IACnD,IAAI,OAAO,YAAY,YAAY,YAAY,QAAQ,YAAY,SAAS;AAAA,MAC1E,OAAQ,QAA+B;AAAA,IACzC;AAAA,IACA;AAAA;AAAA,EAGM,SAAS,CACf,SACA,MACoB;AAAA,IACpB,MAAM,QAAQ,QAAQ,SAAS,QAAQ,KAAK,YAAY;AAAA,IACxD,OAAO,MAAM,QAAQ,KAAK,IAAI,MAAM,KAAK;AAAA;AAE7C;;;ACpEO,MAAM,eAA0C;AAAA,EAC5C,OAAO;AAAA,EAER;AAAA,EAER,WAAW,CAAC,UAAkC,CAAC,GAAG;AAAA,IAChD,KAAK,YAAY,QAAQ,aAAa;AAAA;AAAA,OAGlC,OAAM,CACV,SACA,SACA,QACoC;AAAA,IAEpC,MAAM,kBAAkB,KAAK,UAAU,SAAS,kBAAkB;AAAA,IAClE,IAAI,CAAC,iBAAiB;AAAA,MACpB,OAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IAGA,MAAM,SAAS,qBAAqB,eAAe;AAAA,IACnD,IAAI,CAAC,QAAQ;AAAA,MACX,OAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IAEA,QAAQ,WAAW,eAAe;AAAA,IAGlC,IAAI,CAAC,kBAAkB,WAAW,KAAK,SAAS,GAAG;AAAA,MACjD,OAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO,uCAAuC,KAAK;AAAA,MACrD;AAAA,IACF;AAAA,IAGA,MAAM,aAAa,OAAO,YAAY,WAAW,UAAU,QAAQ,SAAS,OAAO;AAAA,IACnF,MAAM,gBAAgB,GAAG,aAAa;AAAA,IACtC,MAAM,oBAAoB,MAAM,kBAAkB,eAAe,MAAM;AAAA,IAGvE,MAAM,iBAAiB,WAAW,KAAK,CAAC,QACtC,gBAAgB,IAAI,YAAY,GAAG,kBAAkB,YAAY,CAAC,CACpE;AAAA,IAEA,IAAI,CAAC,gBAAgB;AAAA,MACnB,OAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO;AAAA,MACT;AAAA,IACF;AAAA,IAGA,IAAI;AAAA,MACF,MAAM,QAAQ,KAAK,MAAM,UAAU;AAAA,MACnC,OAAO;AAAA,QACL,OAAO;AAAA,QACP,SAAS;AAAA,QACT,WAAW,MAAM;AAAA,QACjB,WAAW,MAAM;AAAA,MACnB;AAAA,MACA,MAAM;AAAA,MACN,OAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO;AAAA,MACT;AAAA;AAAA;AAAA,EAIJ,cAAc,CAAC,SAAsC;AAAA,IACnD,IAAI,OAAO,YAAY,YAAY,YAAY,QAAQ,UAAU,SAAS;AAAA,MACxE,OAAQ,QAA6B;AAAA,IACvC;AAAA,IACA;AAAA;AAAA,EAGM,SAAS,CACf,SACA,MACoB;AAAA,IACpB,MAAM,QAAQ,QAAQ,SAAS,QAAQ,KAAK,YAAY;AAAA,IACxD,OAAO,MAAM,QAAQ,KAAK,IAAI,MAAM,KAAK;AAAA;AAE7C;;;AC5EO,MAAM,gBAAgB;AAAA,EACnB,YAAY,IAAI;AAAA,EAChB,WAAW,IAAI;AAAA,EACf,iBAAiB,IAAI;AAAA,EAE7B,WAAW,GAAG;AAAA,IAEZ,KAAK,qBAAqB,WAAW,eAAgC;AAAA,IACrE,KAAK,qBAAqB,UAAU,cAA+B;AAAA,IACnE,KAAK,qBAAqB,UAAU,cAA+B;AAAA;AAAA,EAI7D,gBAAgB,IAAI;AAAA,EAK5B,oBAAoB,CAAC,MAAc,aAAkC;AAAA,IACnE,KAAK,cAAc,IAAI,MAAM,WAAW;AAAA,IACxC,OAAO;AAAA;AAAA,EAMT,gBAAgB,CACd,MACA,QACA,SACM;AAAA,IACN,MAAM,OAAO,SAAS,QAAQ;AAAA,IAC9B,MAAM,gBAAgB,KAAK,cAAc,IAAI,IAAI;AAAA,IAEjD,IAAI,CAAC,eAAe;AAAA,MAClB,MAAM,IAAI,MAAM,0BAA0B,MAAM;AAAA,IAClD;AAAA,IAEA,MAAM,WAAW,IAAI,cAAc,EAAE,WAAW,SAAS,UAAU,CAAC;AAAA,IACpE,KAAK,UAAU,IAAI,MAAM,EAAE,UAAU,OAAO,CAAC;AAAA,IAC7C,OAAO;AAAA;AAAA,EAMT,EAAe,CAAC,cAAsB,WAAmB,SAAkC;AAAA,IACzF,IAAI,CAAC,KAAK,SAAS,IAAI,YAAY,GAAG;AAAA,MACpC,KAAK,SAAS,IAAI,cAAc,IAAI,GAAK;AAAA,IAC3C;AAAA,IAEA,MAAM,mBAAmB,KAAK,SAAS,IAAI,YAAY;AAAA,IACvD,IAAI,CAAC,iBAAiB,IAAI,SAAS,GAAG;AAAA,MACpC,iBAAiB,IAAI,WAAW,CAAC,CAAC;AAAA,IACpC;AAAA,IAEA,iBAAiB,IAAI,SAAS,EAAG,KAAK,OAAyB;AAAA,IAC/D,OAAO;AAAA;AAAA,EAMT,KAAkB,CAAC,cAAsB,SAAkC;AAAA,IACzE,IAAI,CAAC,KAAK,eAAe,IAAI,YAAY,GAAG;AAAA,MAC1C,KAAK,eAAe,IAAI,cAAc,CAAC,CAAC;AAAA,IAC1C;AAAA,IAEA,KAAK,eAAe,IAAI,YAAY,EAAG,KAAK,OAAyB;AAAA,IACrE,OAAO;AAAA;AAAA,OAMH,OAAM,CACV,cACA,MACA,SAC2D;AAAA,IAC3D,MAAM,SAAS,KAAK,UAAU,IAAI,YAAY;AAAA,IAC9C,IAAI,CAAC,QAAQ;AAAA,MACX,OAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO,4BAA4B;AAAA,QACnC,SAAS;AAAA,MACX;AAAA,IACF;AAAA,IAEA,QAAQ,UAAU,WAAW;AAAA,IAG7B,MAAM,SAAS,MAAM,SAAS,OAAO,MAAM,SAAS,MAAM;AAAA,IAC1D,IAAI,CAAC,OAAO,OAAO;AAAA,MACjB,OAAO,KAAK,QAAQ,SAAS,MAAM;AAAA,IACrC;AAAA,IAGA,MAAM,QAAsB;AAAA,MAC1B,UAAU;AAAA,MACV,MAAM,OAAO,aAAa;AAAA,MAC1B,SAAS,OAAO;AAAA,MAChB;AAAA,MACA,SAAS,OAAO,SAAS,WAAW,OAAO,KAAK,SAAS,OAAO;AAAA,MAChE,YAAY,IAAI;AAAA,MAChB,IAAI,OAAO;AAAA,IACb;AAAA,IAGA,IAAI,UAAU;AAAA,IAGd,MAAM,mBAAmB,KAAK,SAAS,IAAI,YAAY;AAAA,IACvD,IAAI,kBAAkB;AAAA,MACpB,MAAM,gBAAgB,iBAAiB,IAAI,MAAM,IAAI;AAAA,MACrD,IAAI,eAAe;AAAA,QACjB,WAAW,WAAW,eAAe;AAAA,UACnC,MAAM,QAAQ,KAAK;AAAA,UACnB,UAAU;AAAA,QACZ;AAAA,MACF;AAAA,IACF;AAAA,IAGA,MAAM,iBAAiB,KAAK,eAAe,IAAI,YAAY;AAAA,IAC3D,IAAI,gBAAgB;AAAA,MAClB,WAAW,WAAW,gBAAgB;AAAA,QACpC,MAAM,QAAQ,KAAK;AAAA,QACnB,UAAU;AAAA,MACZ;AAAA,IACF;AAAA,IAEA,OAAO,KAAK,QAAQ,QAAQ;AAAA;AAAA,OAMxB,OAAM,CACV,cACA,MACA,SACoC;AAAA,IACpC,MAAM,SAAS,KAAK,UAAU,IAAI,YAAY;AAAA,IAC9C,IAAI,CAAC,QAAQ;AAAA,MACX,OAAO;AAAA,QACL,OAAO;AAAA,QACP,OAAO,4BAA4B;AAAA,MACrC;AAAA,IACF;AAAA,IAEA,OAAO,OAAO,SAAS,OAAO,MAAM,SAAS,OAAO,MAAM;AAAA;AAE9D;;;AChLA,IAAM,uBAA8C;AAAA,EAClD,aAAa;AAAA,EACb,cAAc;AAAA,EACd,mBAAmB;AAAA,EACnB,UAAU;AAAA,EACV,mBAAmB,CAAC,KAAK,KAAK,KAAK,KAAK,KAAK,GAAG;AAClD;AAAA;AAqBO,MAAM,kBAAkB;AAAA,EACrB;AAAA,EACA;AAAA,EACA;AAAA,EACA;AAAA,EAER,WAAW,CAAC,QAAiC;AAAA,IAC3C,KAAK,SAAS,OAAO;AAAA,IACrB,KAAK,cAAc,KAAK,yBAAyB,OAAO,MAAM;AAAA,IAC9D,KAAK,UAAU,OAAO,WAAW;AAAA,IACjC,KAAK,YAAY,OAAO,aAAa;AAAA;AAAA,OAMjC,SAAqB,CAAC,SAA4D;AAAA,IACtF,IAAI,aAA2C;AAAA,IAE/C,SAAS,UAAU,EAAG,WAAW,KAAK,YAAY,aAAa,WAAW;AAAA,MACxE,MAAM,SAAS,MAAM,KAAK,gBAAgB,SAAS,OAAO;AAAA,MAC1D,aAAa;AAAA,MAEb,IAAI,OAAO,SAAS;AAAA,QAClB,OAAO;AAAA,MACT;AAAA,MAGA,IAAI,UAAU,KAAK,YAAY,aAAa;AAAA,QAC1C,MAAM,cAAc,KAAK,YAAY,MAAM;AAAA,QAC3C,IAAI,aAAa;AAAA,UACf,MAAM,QAAQ,KAAK,eAAe,OAAO;AAAA,UACzC,MAAM,KAAK,MAAM,KAAK;AAAA,UACtB;AAAA,QACF;AAAA,MACF;AAAA,MAGA,OAAO;AAAA,IACT;AAAA,IAEA,OAAO;AAAA;AAAA,OAMK,gBAA4B,CACxC,SACA,SACgC;AAAA,IAChC,MAAM,YAAY,KAAK,IAAI;AAAA,IAC3B,MAAM,YAAY,KAAK,MAAM,KAAK,IAAI,IAAI,IAAI;AAAA,IAC9C,MAAM,YAAY,QAAQ,MAAM,OAAO,WAAW;AAAA,IAElD,IAAI;AAAA,MAEF,MAAM,OAAO,KAAK,UAAU;AAAA,QAC1B,IAAI;AAAA,QACJ,MAAM,QAAQ;AAAA,QACd;AAAA,QACA,MAAM,QAAQ;AAAA,MAChB,CAAC;AAAA,MAGD,MAAM,gBAAgB,GAAG,aAAa;AAAA,MACtC,MAAM,YAAY,MAAM,kBAAkB,eAAe,KAAK,MAAM;AAAA,MAGpE,MAAM,aAAa,IAAI;AAAA,MACvB,MAAM,YAAY,WAAW,MAAM,WAAW,MAAM,GAAG,KAAK,OAAO;AAAA,MAEnE,IAAI;AAAA,QACF,MAAM,WAAW,MAAM,MAAM,QAAQ,KAAK;AAAA,UACxC,QAAQ;AAAA,UACR,SAAS;AAAA,YACP,gBAAgB;AAAA,YAChB,cAAc,KAAK;AAAA,YACnB,gBAAgB;AAAA,YAChB,uBAAuB,OAAO,SAAS;AAAA,YACvC,uBAAuB,KAAK,gBAAgB;AAAA,UAC9C;AAAA,UACA;AAAA,UACA,QAAQ,WAAW;AAAA,QACrB,CAAC;AAAA,QAED,aAAa,SAAS;AAAA,QAEtB,MAAM,WAAW,KAAK,IAAI,IAAI;AAAA,QAC9B,MAAM,eAAe,MAAM,SAAS,KAAK;AAAA,QAEzC,OAAO;AAAA,UACL,SAAS,SAAS;AAAA,UAClB,YAAY,SAAS;AAAA,UACrB,MAAM;AAAA,UACN;AAAA,UACA;AAAA,UACA,aAAa,IAAI;AAAA,UACjB,OAAO,SAAS,KAAK,YAAY,QAAQ,SAAS;AAAA,QACpD;AAAA,gBACA;AAAA,QACA,aAAa,SAAS;AAAA;AAAA,MAExB,OAAO,OAAO;AAAA,MACd,MAAM,WAAW,KAAK,IAAI,IAAI;AAAA,MAE9B,OAAO;AAAA,QACL,SAAS;AAAA,QACT;AAAA,QACA;AAAA,QACA,aAAa,IAAI;AAAA,QACjB,OAAO,iBAAiB,QAAQ,MAAM,UAAU;AAAA,MAClD;AAAA;AAAA;AAAA,EAOI,WAAW,CAAC,QAAwC;AAAA,IAC1D,IAAI,CAAC,OAAO,YAAY;AAAA,MAEtB,OAAO;AAAA,IACT;AAAA,IAEA,OAAO,KAAK,YAAY,kBAAkB,SAAS,OAAO,UAAU;AAAA;AAAA,EAM9D,cAAc,CAAC,SAAyB;AAAA,IAC9C,MAAM,QACJ,KAAK,YAAY,eAAe,KAAK,YAAY,sBAAsB,UAAU;AAAA,IAEnF,OAAO,KAAK,IAAI,OAAO,KAAK,YAAY,QAAQ;AAAA;AAAA,EAM1C,KAAK,CAAC,IAA2B;AAAA,IACvC,OAAO,IAAI,QAAQ,CAAC,YAAY,WAAW,SAAS,EAAE,CAAC;AAAA;AAE3D;;;ACvHO,MAAM,UAAU;AAAA,SACd,SAAuB,EAAE,WAAW,KAAK;AAAA,EAExC;AAAA,EACA;AAAA,EACA;AAAA,EAER,WAAW,CAAC,SAAqB,CAAC,GAAG;AAAA,IACnC,KAAK,aAAa;AAAA,IAClB,KAAK,WAAW,IAAI;AAAA,IAGpB,IAAI,OAAO,WAAW;AAAA,MACpB,YAAY,MAAM,mBAAmB,OAAO,QAAQ,OAAO,SAAS,GAAG;AAAA,QACrE,KAAK,SAAS,iBAAiB,MAAM,eAAe,QAAQ;AAAA,UAC1D,MAAM,eAAe;AAAA,UACrB,WAAW,eAAe;AAAA,QAC5B,CAAC;AAAA,MACH;AAAA,IACF;AAAA,IAGA,IAAI,OAAO,YAAY;AAAA,MACrB,KAAK,aAAa,IAAI,kBAAkB,OAAO,UAAU;AAAA,IAC3D;AAAA;AAAA,EAMF,OAAO,CAAC,MAAwB;AAAA,IAE9B,KAAK,UAAU,cAAc,QAAQ,IAAI;AAAA,IACzC,KAAK,UAAU,cAAc,iBAAiB,KAAK,QAAQ;AAAA,IAC3D,IAAI,KAAK,YAAY;AAAA,MACnB,KAAK,UAAU,cAAc,mBAAmB,KAAK,UAAU;AAAA,IACjE;AAAA;AAAA,EAMF,WAAW,GAAoB;AAAA,IAC7B,OAAO,KAAK;AAAA;AAAA,EAMd,aAAa,GAAkC;AAAA,IAC7C,OAAO,KAAK;AAAA;AAAA,EAMd,SAAS,GAAe;AAAA,IACtB,OAAO,KAAK;AAAA;AAEhB;",
+  "debugId": "20EC60D051D827F464756E2164756E21",
+  "names": []
+}

package/package.json

@@ -0,0 +1,51 @@
+{
+  "name": "@gravito/echo",
+  "version": "1.0.0-alpha.2",
+  "description": "Enterprise-grade webhook handling for Gravito. Secure receiving and reliable sending.",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.mjs",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.mjs",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist",
+    "README.md"
+  ],
+  "scripts": {
+    "build": "bun run build.ts",
+    "test": "bun test",
+    "typecheck": "tsc --noEmit"
+  },
+  "keywords": [
+    "gravito",
+    "webhook",
+    "stripe",
+    "github",
+    "hmac",
+    "signature"
+  ],
+  "author": "Carl Lee <carllee0520@gmail.com>",
+  "license": "MIT",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/gravito-framework/gravito.git",
+    "directory": "packages/echo"
+  },
+  "homepage": "https://github.com/gravito-framework/gravito#readme",
+  "peerDependencies": {
+    "gravito-core": "1.0.0-beta.2"
+  },
+  "devDependencies": {
+    "bun-types": "latest",
+    "typescript": "^5.9.3"
+  },
+  "publishConfig": {
+    "access": "public"
+  }
+}